ID

VAR-202104-0885


CVE

CVE-2021-1504


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements. Cisco Adaptive Security Appliances Software (ASA Software) is a firewall and network security platform from the American company Cisco. The platform provides features such as highly secure access to data and network resources.

Trust: 1.62

sources: NVD: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374558 // VULMON: CVE-2021-1504

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.14

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.13

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.7.0.1

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.8.4.35

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.7.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.14.2.4

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.12.4.10

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.6.4

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.10

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.15.1.7

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.9.2.85

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.13.1.21

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.5.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.15

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.7

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.9

sources: NVD: CVE-2021-1504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1504
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1504
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2072
value: HIGH

Trust: 0.6

VULHUB: VHN-374558
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1504
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1504
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374558
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1504
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1504
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504 // NVD: CVE-2021-1504

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-374558 // NVD: CVE-2021-1504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2072

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Cisco Adaptive Security Appliances Software Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149013

Trust: 0.6

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-vpn-dos-fpBcpEcD

Trust: 0.1

sources: VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-2072

EXTERNAL IDS

db: NVD, id: CVE-2021-1504

Trust: 1.8

db: CNNVD, id: CNNVD-202104-2072

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021042831

Trust: 0.6

db: AUSCERT, id: ESB-2021.1468

Trust: 0.6

db: VULHUB, id: VHN-374558

Trust: 0.1

db: VULMON, id: CVE-2021-1504

Trust: 0.1

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-vpn-dos-fpbcpecd

Trust: 1.9

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-vpn-35189

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042831

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1468

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1504

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504

SOURCES

db: VULHUB, id: VHN-374558
db: VULMON, id: CVE-2021-1504
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202104-2072
db: NVD, id: CVE-2021-1504

LAST UPDATE DATE

2024-08-14T12:34:15.020000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374558, date: 2021-05-05T00:00:00
db: VULMON, id: CVE-2021-1504, date: 2021-05-05T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202104-2072, date: 2021-05-07T00:00:00
db: NVD, id: CVE-2021-1504, date: 2023-11-07T03:28:27.810

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374558, date: 2021-04-29T00:00:00
db: VULMON, id: CVE-2021-1504, date: 2021-04-29T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202104-2072, date: 2021-04-28T00:00:00
db: NVD, id: CVE-2021-1504, date: 2021-04-29T18:15:09.500